Shikitega Linux Malware
Sep 15, 2022 1:51:05 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Shikitega, CVE-2021-4034, CVE-2021-3493
Executive Summary
In our 2021 Year in Review, we predicted a rise in Linux malware for 2022. AT&T Alien Labs recently reported on Shikitega, a new Linux malware with stealth capabilities.
DarkAngels Linux Ransomware
Sep 12, 2022 1:45:13 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Linux, DarkAngels
Related families: Babuk
Executive Summary
Uptycs recently reported on a new DarkAngels Linux ransomware variant that appears to still be in development.
Lightning Framework
Sep 1, 2022 12:30:19 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Lightning Framework
Executive Summary
Intezer recently reported on Lightning Framework, a Linux malware with modular plugins and the ability to install rootkits.
RapperBot Targets IoT
Aug 22, 2022 3:09:40 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, IoT, SSH, Mirai, RapperBot
Executive Summary
FortiGuard Labs recently reported on RapperBot, a malware family with a built-in capability to brute force credentials and gain access to SSH servers.
Black Basta Ransomware
Jul 5, 2022 3:33:54 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Windows, Linux, Black Basta, Qbot
Executive Summary
Cybereason recently reported on Black Basta ransomware, which has claimed around 50 victims so far, making it a prominent threat.
Symbiote Linux Malware
Jun 20, 2022 12:01:49 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Symbiote
Executive Summary
Intezer and BlackBerry recently reported on Symbiote, a difficult-to-detect Linux malware that relies on existing running processes to infect a system.
Pymafka Targets macOS, Windows, Linux
Jun 17, 2022 2:17:39 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Linux, Python, Pymafka, Cobalt Strike
Executive Summary
Sonatype recently reported on Pymafka, a malicious Python package in the PyPI registry dropping Cobalt Strike on macOS, Windows, and Linux.
Enemybot IoT Malware
Jun 13, 2022 3:47:53 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Linux, Enemybot, CMS
Executive Summary
AT&T Alien Labs recently reported on Enemybot, an internet of things (IoT) malware targeting content management systems (CMS), Linux, and Android.